Description
Kayran has found that mod_negotiation is enabled on your Apache.
mod_negotiation is an Apache module which is responsible for selecting the document that best matches the clients set of capabilities, from one of several available documents.
If a certain user uses an invalid accept header, the server will response with a 406 error which might contain directory listing.
All of it, can lead to the possibility of attackers learning more about their targets.
For example, it can help an attacker to find backup files, generate credentials and so on.
Recommendation
Simply disable the MultiViews directive from the Apache’s configuration file and restart Apache so the changes will take effect.
References
https://httpd.apache.org/docs/2.4/mod/mod_negotiation.html
